US11297083B1 · Active · Utility · PatentIndex 84

Identifying and protecting against an attack against an anomaly detector machine learning classifier

Assignee: CA INC · Priority: Aug 15, 2019 · Filed: Aug 15, 2019 · Granted: Apr 5, 2022
Est. expiry: Aug 15, 2039 (~13.1 yrs left) · nominal 20-yr term from priority
Inventors: KUPPA ADITYA; GRZONKOWSKI SLAWOMIR
Classifications: G06F 18/214, G06F 18/24, G06N 20/00, H04L 63/1466, H04L 63/1458, H04L 63/145, H04L 63/1425, H04L 63/1416, G06K 9/6256, G06K 9/6267
PatentIndex Score: 84 · Cited by: 11 · References: 73 · Claims: 20

Abstract

Identifying and protecting against an attack against an anomaly detector machine learning classifier (ADMLC). In some embodiments, a method may include identifying training data points in a manifold space for an ADMLC, dividing the manifold space into multiple subspaces, merging each of the training data points into one of the multiple subspaces, training a subclassifier for each of the multiple subspaces to determine a decision boundary for each of the multiple subspaces between normal training data points and anomalous training data points, receiving an input data point into the ADMLC, determining whether the input data point is an attack on the ADMLC due to a threshold number of the subclassifiers classifying the input data point as an anomalous input data point, and, in response to identifying the attack against the ADMLC, protecting against the attack.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A computer-implemented method for identifying and protecting against an attack against an anomaly detector machine learning classifier (ADMLC), at least a portion of the method being performed by a server device comprising one or more processors, the method comprising:
 identifying training data points in a manifold space for the ADMLC executing on the server device; 
 dividing the manifold space into multiple subspaces each defining a sphere; 
 merging each of the training data points into one of the multiple subspaces based on the sphere to which the training data point has the smallest spherelet distance; 
 training a subclassifier for each of the multiple subspaces to determine a decision boundary for each of the multiple subspaces between normal training data points and anomalous training data points; 
 receiving an input data point into the ADMLC; 
 determining whether the input data point is an attack on the ADMLC due to a threshold number of the subclassifiers classifying the input data point as an anomalous input data point; and 
 in response to identifying the attack against the ADMLC, protecting against the attack by directing performance, at the server device, of a remedial action to protect the ADMLC from the attack. 
 
     
     
       2. The method of claim 1, wherein the directing performance, at the server device, of the remedial action comprises one or more of blocking a network device that was a source of the input data point from accessing the server device over a network, rolling back one or more changes at the server device that were made by the network device, removing the input data point as input to the ADMLC, or some combination thereof.
     
     
       3. The method of claim 1, wherein the threshold number of the subclassifiers is equal to all of the subclassifiers.
     
     
       4. The method of claim 1, wherein the threshold number of the subclassifiers is less than all of the subclassifiers.
     
     
       5. The method of claim 1, wherein the dividing of the manifold space into the multiple subspaces comprises using:
 a first tuning parameter that controls the nearest neighbor distance between any two of the training data points; and 
 a second tuning parameter that thresholds a spherical error before assigning one of the training data points to one of the subspaces. 
 
     
     
       6. The method of claim 1, wherein the ADMLC comprises a cybersecurity ADMLC employed in one or more of intrusion detection, Denial of Service (DoS) attack detection, security log analysis, or malware detection, or some combination thereof.
     
     
       7. The method of claim 1, wherein the input data point is intended to undermine the ADMLC by appearing to be a normal data point when in reality it is an anomalous data point.
     
     
       8. One or more non-transitory computer-readable media comprising one or more computer-readable instructions that, when executed by one or more processors of a server device, cause the server device to perform a method for identifying and protecting against an attack against an anomaly detector machine learning classifier (ADMLC), the method comprising:
 identifying training data points in a manifold space for the ADMLC executing on the server device; 
 dividing the manifold space into multiple subspaces each defining a sphere; 
 merging each of the training data points into one of the multiple subspaces based on the sphere to which the training data point has the smallest spherelet distance; 
 training a subclassifier for each of the multiple subspaces to determine a decision boundary for each of the multiple subspaces between normal training data points and anomalous training data points; 
 receiving an input data point into the ADMLC; 
 determining whether the input data point is an attack on the ADMLC due to a threshold number of the subclassifiers classifying the input data point as an anomalous input data point; and 
 in response to identifying the attack against the ADMLC, protecting against the attack by directing performance, at the server device, of a remedial action to protect the ADMLC from the attack. 
 
     
     
       9. The one or more non-transitory computer-readable media of claim 8, wherein the directing performance, at the server device, of the remedial action comprises one or more of blocking a network device that was a source of the input data point from accessing the server device over a network, rolling back one or more changes at the server device that were made by the network device, removing the input data point as input to the ADMLC, or some combination thereof.
     
     
       10. The one or more non-transitory computer-readable media of claim 8, wherein the threshold number of the subclassifiers is equal to all of the subclassifiers.
     
     
       11. The one or more non-transitory computer-readable media of claim 8, wherein the threshold number of the subclassifiers is less than all of the subclassifiers.
     
     
       12. The one or more non-transitory computer-readable media of claim 8, wherein the dividing of the manifold space into the multiple subspaces comprises using:
 a first tuning parameter that controls the nearest neighbor distance between any two of the training data points; and 
 a second tuning parameter that thresholds a spherical error before assigning one of the training data points to one of the subspaces. 
 
     
     
       13. The one or more non-transitory computer-readable media of claim 8, wherein the ADMLC comprises a cybersecurity ADMLC employed in one or more of intrusion detection, Denial of Service (DoS) attack detection, security log analysis, or malware detection, or some combination thereof.
     
     
       14. The one or more non-transitory computer-readable media of claim 8, wherein the input data point is intended to undermine the ADMLC by appearing to be a normal data point when in reality it is an anomalous data point.
     
     
       15. A server device comprising:
 one or more processors; and 
 one or more non-transitory computer-readable media comprising one or more computer-readable instructions that, when executed by the one or more processors, cause the server device to perform a method for identifying and protecting against an attack against an anomaly detector machine learning classifier (ADMLC), the method comprising:
 identifying training data points in a manifold space for the ADMLC executing on the server device; 
 dividing the manifold space into multiple subspaces each defining a sphere; 
 merging each of the training data points into one of the multiple subspaces based on the sphere to which the training data point has the smallest spherelet distance; 
 training a subclassifier for each of the multiple subspaces to determine a decision boundary for each of the multiple subspaces between normal training data points and anomalous training data points; 
 receiving an input data point into the ADMLC; 
 determining whether the input data point is an attack on the ADMLC due to a threshold number of the subclassifiers classifying the input data point as an anomalous input data point; and 
 in response to identifying the attack against the ADMLC, protecting against the attack by directing performance, at the server device, of a remedial action to protect the ADMLC from the attack. 
 
 
     
     
       16. The server device of claim 15, wherein the directing performance, at the server device, of the remedial action comprises one or more of blocking a network device that was a source of the input data point from accessing the server device over a network, rolling back one or more changes at the server device that were made by the network device, removing the input data point as input to the ADMLC, or some combination thereof.
     
     
       17. The server device of claim 15, wherein the threshold number of the subclassifiers is equal to all of the subclassifiers.
     
     
       18. The server device of claim 15, wherein the dividing of the manifold space into the multiple subspaces comprises using:
 a first tuning parameter that controls the nearest neighbor distance between any two of the training data points; and 
 a second tuning parameter that thresholds a spherical error before assigning one of the training data points to one of the subspaces. 
 
     
     
       19. The server device of claim 15, wherein the ADMLC comprises a cybersecurity ADMLC employed in one or more of intrusion detection, Denial of Service (DoS) attack detection, security log analysis, or malware detection, or some combination thereof.
     
     
       20. The server device of claim 15, wherein the input data point is intended to undermine the ADMLC by appearing to be a normal data point when in reality it is an anomalous data point.
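
An added illustration in Python, not code from the patent or its assignee, of the flow recited in claim 1 with the all-subclassifiers threshold of claim 3, set beside a single-boundary detector that an input placed between clusters passes as normal. The sphere fit, the spherelet distance (taken here as the gap to the sphere's surface), the one-dimensional per-subspace boundary, `coarse_detector` and every sample point are assumptions constructed for this example.

```python
import math

def fit_sphere(pts):
    """Sphere for one subspace: centre = centroid, radius = mean distance to it."""
    c = tuple(sum(v) / len(pts) for v in zip(*pts))
    return c, sum(math.dist(p, c) for p in pts) / len(pts)

def spherelet_distance(x, sphere):
    """Assumed metric: gap between x and the sphere's surface."""
    c, r = sphere
    return abs(math.dist(x, c) - r)

def train(normal, anomalous, seeds):
    """Return one (sphere, boundary) subclassifier per non-empty subspace."""
    # Divide: seed the spheres from a nearest-seed partition of the normal data.
    groups = [[] for _ in seeds]
    for p in normal:
        groups[min(range(len(seeds)), key=lambda i: math.dist(p, seeds[i]))].append(p)
    spheres = [fit_sphere(g) for g in groups if g]
    # Merge: each training point joins the sphere with the smallest spherelet distance.
    def home(p):
        return min(range(len(spheres)), key=lambda i: spherelet_distance(p, spheres[i]))
    models = []
    for i, s in enumerate(spheres):
        n = [spherelet_distance(p, s) for p in normal if home(p) == i]
        a = [spherelet_distance(p, s) for p in anomalous if home(p) == i]
        if n:  # boundary midway between the worst normal and the nearest anomaly
            models.append((s, (max(n) + min(a)) / 2 if a else 1.5 * max(n)))
    return models

def votes(x, models):
    """Number of subclassifiers that classify x as anomalous."""
    return sum(spherelet_distance(x, s) > b for s, b in models)

def is_attack(x, models, threshold=None):
    """threshold=None means all subclassifiers must agree (claim 3)."""
    return votes(x, models) >= (len(models) if threshold is None else threshold)

def coarse_detector(x, normal):
    """Stand-in single-boundary detector: anomalous if outside one global ball."""
    c, _ = fit_sphere(normal)
    return math.dist(x, c) > max(math.dist(p, c) for p in normal)

# Constructed 2-D sample data: three tight clusters of normal points.
CENTRES = [(0, 0), (10, 0), (5, 9)]
OFFSETS = [(1, 0), (-1, 0), (0, 1), (0, -1), (0.6, 0.6), (-0.6, -0.6)]
NORMAL = [(cx + dx, cy + dy) for cx, cy in CENTRES for dx, dy in OFFSETS]
ANOMALOUS = [(cx + dx, cy + dy) for cx, cy in CENTRES for dx, dy in [(3, 0), (0, -3)]]
MODELS = train(NORMAL, ANOMALOUS, CENTRES)
EVASIVE = (5, 3)  # sits in the gap between clusters, inside the global ball
```

With these one-sided subclassifiers an ordinary point already collects a vote from every sphere other than its own, so a threshold below all of them (claim 4) flags more inputs.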

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.